Authentication and Identity Management Authentication and Identity Management Operating System and Network Security Operating System and Network Security Radboud University Nijmegen Radboud University Nijmegen Conclusions Conclusions Outline Authentication and Identity Management Computer Security: Security at Work Authentication Identity management Kerberos, and derivatives Bart Jacobs Operating System and Network Security Institute for Computing and Information Sciences – Digital Security Security models Radboud University Nijmegen A very brief look at operating systems Version: fall 2011 Network security basics Conclusions Bart Jacobs Version: fall 2011 Computer Security 1 / 50 Bart Jacobs Version: fall 2011 Computer Security 2 / 50 Authentication and Identity Management Authentication and Identity Management Operating System and Network Security Operating System and Network Security Radboud University Nijmegen Radboud University Nijmegen Conclusions Conclusions Real-world and virtual-world authentication Human to computer authentication Recall : identification = saying who you are; authentication = proving who you are. • In daily life we rely on context for many forms of The three basic human-to-computer authentication mechanisms (implicit) authentication are based on: • uniforms / places / 1 something you have, like a (physical) key, or card behaviour / etc Risk? theft, copying 2 something you know, like a password or PIN • In the online world such Risk? eavesdropping (shoulder-surfing), brute-force trials, forgetting contexts are either lacking, (how secure is the recovery procedure?), social engineering, multiple or easy to manipulate (fake use, fake login screens (use wrong password first!) “On the internet nobody e-banking site) knows you’re a dog” 3 something you are, ie. biometrics, like fingerprints or iris (Peter Steiner, New Yorker, 1993) Risk? imitation (non-replaceability), multiple use Bart Jacobs Version: fall 2011 Computer Security 4 / 50 Bart Jacobs Version: fall 2011 Computer Security 5 / 50 Authentication and Identity Management Authentication and Identity Management Operating System and Network Security Operating System and Network Security Radboud University Nijmegen Radboud University Nijmegen Conclusions Conclusions More about passwords Password change policies It is common wisdom that at least a 64 bit string is needed to be secure against password guessing. These 64 bit amount to: Does it make sense to force users to change their passwords • 11 characters, randomly chosen periodically (say every 3 months)? • 16 characters, computer generated but pronounceable • Pro: compromised passwords are usable for only a relatively • 32 characters, user-chosen short amount of time With modern brute force and rule-based techniques, passwords can • Against: lot’s of things: be broken easily. A well-known system to do so is Crack • the cause of a password compromise (if any) is ignored, and may be re-exploited Heuristics • users get annoyed, and use escape techniques: Reasonably good passwords come from longer phrases, eg. as first • insecure variations: passwd1 , passwd-2010 etc. letters of the words in a sentence: they are relatively easy to • writing passwords down (so that they become ‘something you have’) remember, and reasonably arbitrary (with much entropy). • more helpdesk calls, because people immediately forget their It is then still wise to filter on bad passwords. latest version An alternative is to use one-time passwords, distributed via an independent channel (eg. via a generator, via GSM or TAN-lists). Bart Jacobs Version: fall 2011 Computer Security 6 / 50 Bart Jacobs Version: fall 2011 Computer Security 7 / 50
Authentication and Identity Management Authentication and Identity Management Operating System and Network Security Operating System and Network Security Radboud University Nijmegen Radboud University Nijmegen Conclusions Conclusions Password recovery Biometrics: intro Biometrics refers to the use of physical characteristics or deeply What to do when a user forgets his/her password? This happens ingrained behaviour or skills to identify a person. frequently. Hence recovery procedures should not be too complicated (or expensive). What to do? • Physical characteristics: facial features, fingerprints, iris, voice, DNA, and the shape of hands or even ears. Some options: • Behaviour or skill: handwritten signature, but also someone’s • self service password reset, by supplying answers to previously gait, or the rhythm in which someone types on a keyboard. set security questions, like “where was your mother born?” “what’s your first pet’s name?” etc. Different types of biometrics have important differences in: Often, answers can be obtained by social engineering, phishing or • accuracy (percentage of false matches/non-matches) simple research (recall the Sarah Palin mailbox incident in 2008) • how easy they are to fake • Provide a new password via a different channel • which population groups they discriminate against • face-to-face transfer is best, but not always practical • ING bank provides new password via SMS • how much information they reveal about us, and how sensitive (recall: GSM (esp. SMS) is now broken) this information is (eg. your DNA may reveal health risks of • force re-registration (like DigiD does in NL) interest to insurance companies) Bart Jacobs Version: fall 2011 Computer Security 8 / 50 Bart Jacobs Version: fall 2011 Computer Security 9 / 50 Authentication and Identity Management Authentication and Identity Management Operating System and Network Security Operating System and Network Security Radboud University Nijmegen Radboud University Nijmegen Conclusions Conclusions Biometrics: intentional or unintentional Biometric systems in operation A biometric system works in several steps 1 its sensors capture a presented biometric Important difference between types of biometrics: 2 this input signal is then processes to extract features from it • necessarily intentional and conscious production, like with 3 these features are compared to previously recorded and stored signature (except under extreme coercion) biometric information • possibly unintentional production: people leave copies of their 4 it is decided if there is a match or not fingerprints and samples of their DNA wherever they go. Ideally, not the raw biometric information is stored, but a template • With the increased use of surveillance cameras we also leave with crucial info about features extracted from the raw data our facial image and gait in many places. This is what enables Fingerprint example such biometrics to be used in law enforcement • It also makes fingerprint information more valuable to the • raw information: image of the fingerprint (stored eg. in e-passport) owner, and to potential attackers, as fake fingerprints could be • template: so-called minutiae, bifurcations and endpoints of ridges, planted at a crime scene. which most fingerprint recognition systems use Storing such templates goes some way towards preventing abuse, assuming that fingerprints cannot be reconstructed from the templates. Bart Jacobs Version: fall 2011 Computer Security 10 / 50 Bart Jacobs Version: fall 2011 Computer Security 11 / 50 Authentication and Identity Management Authentication and Identity Management Operating System and Network Security Operating System and Network Security Radboud University Nijmegen Radboud University Nijmegen Conclusions Conclusions Biometrics for verification or identification e-Passport example in NL Biometrics can be used in two completely separate ways: • Verification: a person is matched with one particular stored • originally proposed for verification only (against look-alike fraud) biometric (template), eg. the fingerprint on his e-passport, to • function creep happened in the form of central storage of all check that someone has a certain claimed identity biometrics: now usable for identification and law enforcement • Identication: a person is matched with a large collection of • in 2011 these central storage plans were abanoned again stored biometrics, for example to see if he occurs in a • official reason: technique not ready database of known criminals, or has not already applied for a • opposition in parliament: privacy concerns, fear of data loss passport under a different name (Clearly, this is more error-prone than one-to-one matches, since in one-to-many matches errors accumulate) Bart Jacobs Version: fall 2011 Computer Security 12 / 50 Bart Jacobs Version: fall 2011 Computer Security 13 / 50
Recommend
More recommend
